WAN connection through a Linux machine

Shachar Shemesh shachar at shemesh.biz
Tue Apr 20 13:56:47 IDT 2010


Dan Shimshoni wrote:
> shachar,
> I googled for  "MSS Squashing". Got 0 results!
>
> What is this "MSS Squashing"? and how is it related to this issue?
>
> rgs,
> DS
>
The term used in the iptables man page is "clamp-mss-to-pmtu"

The ethernet maximal transfer unit (MTU) is 1500 bytes (more or less, 
but in practice, this is the default). Since pppoe has some overhead, 
the effective MTU on ppp0 is lower (about 1470 bytes). Packets sent out 
by your machine B broadcast the desired packet length on the return path 
through a TCP option called MSS (maximal segment size).

Theoretically, TCP will figure out on its own that the path MTU (PMTU) 
is lower than the end MTU as advertised by the MSS. This has two 
disadvantages:
1. It has worse performance than advertising the correct number in the 
MSS to begin with
2. Some firewalls block the ICMP message used to report this case (code 
3 type 4 - "fragmentation needed but don't fragment set"). As a result, 
you get "black hole" syndrome.

The solution is to have iptables alter the MSS field of the TCP option 
to the value it knows is correct.

Shachar

-- 
Shachar Shemesh
Lingnu Open Source Consulting Ltd.
http://www.lingnu.com
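The rule the iptables man page documents for this is `iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu`, which matches only SYN segments and lowers their advertised MSS to the path MTU minus the 40 bytes of IPv4 and TCP headers. To make the mechanism concrete without a router at hand, the following Python script (an added example, not code from this thread or from the iptables project) builds a constructed IPv4 TCP SYN carrying an MSS option, walks the option list, rewrites the MSS the way the TCPMSS target does, and fixes up the TCP checksum over the pseudo-header so the rewritten segment is still valid. All addresses, ports and the PMTU value are constructed inputs; the function names are this example's own.

```python
"""Emulate what iptables' TCPMSS --clamp-mss-to-pmtu does to a single IPv4 SYN.

Added example: builds a constructed SYN, clamps its MSS to pmtu - 40 and
recomputes the TCP checksum. No packets are sent or captured.
"""
import socket
import struct

TCPOPT_EOL = 0
TCPOPT_NOP = 1
TCPOPT_MSS = 2
TCP_FLAG_SYN = 0x02
TCP_FLAG_RST = 0x04
IPV4_PLUS_TCP_HEADERS = 40  # 20-byte IPv4 header + 20-byte TCP header, subtracted from the PMTU
CHECKSUM_OFFSET = 16        # byte offset of the checksum field inside the TCP header


def _ones_complement_sum(data: bytes) -> int:
    """Fold the 16-bit ones-complement sum used by the TCP checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def tcp_checksum(src_ip: str, dst_ip: str, segment: bytes) -> int:
    """TCP checksum over the IPv4 pseudo-header plus segment.

    Returns 0 when called on a segment whose checksum field is already correct,
    so it doubles as a verifier.
    """
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, socket.IPPROTO_TCP, len(segment)))
    return (~_ones_complement_sum(pseudo + segment)) & 0xFFFF


def build_syn(src_ip: str, dst_ip: str, src_port: int, dst_port: int, mss: int) -> bytes:
    """Construct a minimal SYN (no data) with a single MSS option. Sample input only."""
    options = struct.pack("!BBH", TCPOPT_MSS, 4, mss)
    data_offset = (20 + len(options)) // 4
    header = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0,
                         data_offset << 4, TCP_FLAG_SYN, 65535, 0, 0)
    segment = bytearray(header + options)
    struct.pack_into("!H", segment, CHECKSUM_OFFSET, tcp_checksum(src_ip, dst_ip, bytes(segment)))
    return bytes(segment)


def _walk_options(segment: bytes):
    """Yield (offset, kind, length) for each TLV option; stop on EOL or a malformed option."""
    data_offset = (segment[12] >> 4) * 4
    i = 20
    while i < data_offset:
        kind = segment[i]
        if kind == TCPOPT_EOL:
            return
        if kind == TCPOPT_NOP:
            i += 1
            continue
        if i + 1 >= data_offset:
            return  # kind byte with no length byte: truncated
        length = segment[i + 1]
        if length < 2 or i + length > data_offset:
            return  # bogus length: never index past the header
        yield i, kind, length
        i += length


def get_mss(segment: bytes):
    """Return the advertised MSS, or None if the segment carries no MSS option."""
    for off, kind, length in _walk_options(segment):
        if kind == TCPOPT_MSS and length == 4:
            return struct.unpack_from("!H", segment, off + 2)[0]
    return None


def clamp_mss(src_ip: str, dst_ip: str, segment: bytes, pmtu: int) -> bytes:
    """Rewrite the MSS of a SYN to pmtu - 40 if it is larger; other segments pass untouched."""
    flags = segment[13]
    if not flags & TCP_FLAG_SYN or flags & TCP_FLAG_RST:
        return segment  # the rule is --tcp-flags SYN,RST SYN: SYN set, RST clear
    target = pmtu - IPV4_PLUS_TCP_HEADERS
    for off, kind, length in _walk_options(segment):
        if kind == TCPOPT_MSS and length == 4:
            if struct.unpack_from("!H", segment, off + 2)[0] <= target:
                return segment  # already small enough: clamping never raises the MSS
            out = bytearray(segment)
            struct.pack_into("!H", out, off + 2, target)
            struct.pack_into("!H", out, CHECKSUM_OFFSET, 0)  # zero before recomputing
            struct.pack_into("!H", out, CHECKSUM_OFFSET, tcp_checksum(src_ip, dst_ip, bytes(out)))
            return bytes(out)
    return segment  # a SYN without an MSS option is left alone in this example


if __name__ == "__main__":
    # Constructed sample: a LAN host behind the Linux router advertises the
    # Ethernet-sized MSS of 1460, while the assumed PMTU on ppp0 is 1492.
    src, dst = "192.0.2.10", "198.51.100.1"
    syn = build_syn(src, dst, 40000, 80, 1460)
    fixed = clamp_mss(src, dst, syn, pmtu=1492)
    print("MSS before:", get_mss(syn), "after:", get_mss(fixed),
          "checksum ok:", tcp_checksum(src, dst, fixed) == 0)
```

The two details worth noticing are that only SYNs are touched (the MSS is negotiated once, at connection setup, for each direction) and that the value is only ever lowered; the router never has to know the host's MTU, just its own path MTU, which is why the target is called clamp-mss-to-pmtu.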
